As the pace of challenges facing every network - and the people who have to defend them - grows, the need for more comprehensive information grows with it. When you can’t wait for AV firms and IPS vendors to provide a remedy on your timescale, you need to take matters into your own hands: “I need to protect the network, but I don’t have a lot of time or resources.”

This course is designed for information security professionals and enthusiasts who are tasked with protecting networks and businesses from a broad range of threats. This course will also suit people who are interested in learning more about the current Internet threat landscape. Students will learn how to identify new threats to their own networks and the internet at large, and how to protect against them.

Rather than focusing on reverse engineering and malcode dissection, we will instead focus on a simple approach that many people can use to quickly gather specific, usable information about threats. This course is not designed to be tool specific but rather it discusses a broad approach and multiple techniques that can be used quickly to assess new threats and determine how to respond to them. This class focuses on open, freely available tools to facilitate analysis. No programming or networking experience is required, but some operational experience is expected in order to get the most out of the training.

At the end of the two-day session, you should be able to

* Detect new malware and quickly gather information about it
* Identify malicious websites and discover their attack vectors
* Identify and react to phishing attacks
* Analyze vulnerability reports and translate this into a defensive posture
* Analyze exploit code to determine how to defend against it
* Build a knowledge repository for yourself and your team

Whom this training is for

* Network security staff
* System administrators
* People interested in learning about malcode and threats

Prerequisites

* Decent knowledge of TCP/IP
* Decent knowledge of Windows systems and major APIs
* Participants should bring their own laptop
* Choice of Operating System is optional (either Windows XP or Linux)

Dr. Jose Nazario is a Senior Security Engineer within Arbor Networks’ Arbor Security Engineering & Response Team (ASERT). Dr. Nazario’s research interests include large-scale Internet trends such as reachability and topology measurement, Internet-scale events such as DDoS attacks, botnets and worms, source code analysis tools, and data mining. He is the author of the books “Defense and Detection Strategies against Internet Worms” and “Secure Architectures with OpenBSD.” He earned a Ph.D. in biochemistry from Case Western Reserve University in 2002. Prior to joining Arbor Networks, he was an independent security consultant. Dr. Nazario regularly speaks at conferences worldwide, with past presentations at CanSecWest, PacSec, Blackhat, and NANOG. He also maintains WormBlog.com, a site devoted to studying worm detection and defense research.